Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure/Encrypt SQL Server Database With TDE

Published by西 邬 Modified over 5 years ago

Similar presentations

Presentation on theme: "Secure/Encrypt SQL Server Database With TDE"— Presentation transcript:

1 Secure/Encrypt SQL Server Database With TDE
Thomas Chan Secure/Encrypt SQL Server Database With TDE

2 Thanks Vendors

3 How am I ? I work for Virginia state as SQL DBA
18+ year in IT and since SQL 7 I love computer, database, Sid Meier's Civilization and The Battle of Polytopia

4 Agenda Where can I do data encryption ? Why encrypt database ?
Where TDE act? How does it work ? SSMS user interface Pros and Cons ! Demos 

5 Where can I do encryption?
SQL functions EncryptByKey, DecryptByKey SSL Bit Locker TDE

6 Why encrypt database ? Protect sensitive data against un-authorized lower level user (OS, virtual machine or storage) Compliance with standards and policies (business or legal)

7 Standards PCI DSS – financial/payment (credit card)
HIPAA – health/medical FERPA – education and family Sarbanes-Oxley Act (SOX) – US corporation, accounting and communication PII – personal identifiable information

8 Where TDE act ? Database Engine TDE Decrypt Encrypt

9 What is TDE ? One more layer to protect data
Encrypt at page level on the fly. It means data, log and backup files are encrypted Does not encrypt columns or connections Algorithm: AES 128, 192, 256 and Triple DES

10 Encryption Hierarchy Windows level: Data Protection API (DPAPI)
SQL Instance level: master key and certificate Database level: database master key and encryption key

11 Encryption Hierarchy 2 Windows / OS SQL Instance Database

12 SSMS user interface

13 Pros and Cons PROS Encrypt database files: backup, transaction log and data files Protect data against lower level access like OS users Low performance cost It is transparent, no coding CONS Does not encrypt memory or file streams data Does not encrypt connections Must be SQL enterprise or developer edition

14 Other considerations Always encrypt TempDB (pro or cons)
Master key dependency (may use SQL EKM capability or EKM software) Works with high availability and disaster recovery options: failover clustering, mirroring and log shipping Replication data is not encrypted when it travels between servers (plain text) Is it work “well” with compression??

15 Demo Show the data and backup file before TDE in notepad Enable TDE
Monitor enabling operation Restore database with TDE enabled in 2nd instance (VM02) Disable TDE TDE working with log shipping ?

16 SATA rpm + 1 GB = 1 min 20 sec SCSI rpm + SAN (redundancy disk/Raid 0) will be much faster

17 References Understanding TDE Extensible Key Management (EKM) Protecting SQL Server Data – John Magnabosco (free ebook from Red Gate)

18 Questions ?

Download ppt "Secure/Encrypt SQL Server Database With TDE"

Similar presentations

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server 2008. Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),

Notes: Update as of 1/13/2010. Vulnerabilities are included for SQL Server 2000, SQL Server 2005, SQL Server Oracle (8i, 9i, 9iR2, 10g, 10gR2,11g),
On-Premises VM Microsoft builds both SQL Server and Microsoft Azure Thus it can provide end-to-end experiences that are optimized and use.

On-Premises VM Microsoft builds both SQL Server and Microsoft Azure Thus it can provide end-to-end experiences that are optimized and use.
Gavin Payne Transparent Data Encryption The Hows, Whys and Whens.

Gavin Payne Transparent Data Encryption The Hows, Whys and Whens.
Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.

Securing Data Storage Protecting Data at Rest Advanced Systems Group Dell Computer Asia Ltd.
Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.

Notes: Update as of 12/31/2010 inclusive. Chart counts NIST CVE – Reported Software Flaws by “published” date, utilizing the NIST NVD. SQL Server.
Genie Backup ManagerServer 7.0 Product Profile. Copyright© Genie-Soft Corporation 2001-2007. All rights reserved. Overview GBM Server 7.0 is a fully integrated.

Genie Backup ManagerServer 7.0 Product Profile. Copyright© Genie-Soft Corporation All rights reserved. Overview GBM Server 7.0 is a fully integrated.
Windows Azure Migrating SQL Server Workloads Speaker Title Organization.

Windows Azure Migrating SQL Server Workloads Speaker Title Organization.
Chapter 10 : Designing a SQL Server 2005 Solution for High Availability MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design.

Chapter 10 : Designing a SQL Server 2005 Solution for High Availability MCITP Administrator: Microsoft SQL Server 2005 Database Server Infrastructure Design.
Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 

Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 
Data Management Conference Data Security for Audit and Compliance Terry Room Architect, Microsoft Ltd London September 29th.

Data Management Conference Data Security for Audit and Compliance Terry Room Architect, Microsoft Ltd London September 29th.
Roy Ernest Database Administrator Pinnacle Sports Worldwide SQL Server 2008 Transparent Data Encryption.

Roy Ernest Database Administrator Pinnacle Sports Worldwide SQL Server 2008 Transparent Data Encryption.
Sofia, Bulgaria | 9-10 October SQL Server 2005 High Availability for developers Vladimir Tchalkov Crossroad Ltd. Vladimir Tchalkov Crossroad Ltd.

Sofia, Bulgaria | 9-10 October SQL Server 2005 High Availability for developers Vladimir Tchalkov Crossroad Ltd. Vladimir Tchalkov Crossroad Ltd.
DATABASE MIRRORING  Mirroring is mainly implemented for increasing the database availability.  Is configured on a Database level.  Mainly involves two.

DATABASE MIRRORING  Mirroring is mainly implemented for increasing the database availability.  Is configured on a Database level.  Mainly involves two.
Additional Security Tools Lesson 15. Skills Matrix.

Additional Security Tools Lesson 15. Skills Matrix.
Module 7: SQL Server Special Considerations. Overview SQL Server High Availability Unicode.

Module 7: SQL Server Special Considerations. Overview SQL Server High Availability Unicode.
MISSION CRITICAL COMPUTING SQL Server Special Considerations.

MISSION CRITICAL COMPUTING SQL Server Special Considerations.
SQL Server 2014, more than just in-memory Eric Zierdt.

SQL Server 2014, more than just in-memory Eric Zierdt.
Over 18 yrs experience with SQL Server

Over 18 yrs experience with SQL Server
Secure SQL Database with TDE Thomas Chan SQL Saturday 445 - Raleigh.

Secure SQL Database with TDE Thomas Chan SQL Saturday Raleigh.
SQL Server High Availability Introduction to SQL Server high availability solutions.

SQL Server High Availability Introduction to SQL Server high availability solutions.

Similar presentations

Ads by Google